Privacy and Personal Data Processing Policy

This privacy and personal data processing policy (hereinafter - the Policy) is compiled in accordance with the requirements of the REGULATION (EU) 2016/679 and determines the procedure for processing personal data and measures to ensure the security of personal data, which is performed by the Administrator of MedBrama Service IntracomUA OÜ (hereinafter - the Administrator). This policy serves the purposes of the MedBrama Telehealth Information Services Agreement (hereinafter referred to as the Agreement) and is an integral part thereof.

The administrator sets the protection of fundamental human and civil rights and freedoms, in particular the right to privacy, in connection with the processing of personal data as his most important goal and condition for carrying out his activities.

This Administrator Policy applies to all information that the Administrator may receive about the Users of the Service https://medbrama.com.

1. Definition of concepts

1.1 Owner of personal data - a person who determines the purpose of personal data processing, establishes the composition of these data and the procedures for their processing unless otherwise provided by law;

1.2 Consent of the personal data subject - a voluntary expression of the will of an individual (subject to his / her knowledge) to grant permission to process his / her personal data in accordance with the stated purpose of their processing, expressed in writing or in a form that allows concluding consent. The consent of the personal data subject may be given during registration in the information and telecommunication system of the Administrator by marking the permission to process their personal data in accordance with the stated purpose of their processing, provided that such system does not create opportunities for personal data processing until the moment of marking;

1.3 Impersonality of personal data - the removal of information that allows direct or indirect identification of the person;

1.4 Processing of personal data - any action or set of actions, such as collection, registration, accumulation, storage, adaptation, modification, renewal, use and dissemination (distribution, sale, transfer), depersonalization, destruction of personal data, including using information (automated) systems;

1.5 Recipient - a natural or legal person to whom personal data is provided, including a third party;

1.6 Personal data - information or a set of information about an individual who is identified or can be specifically identified;

1.7 Personal data controller - a natural or legal person to whom the owner of personal data or the law has the right to process this data on behalf of the owner;

1.8 Automated processing of personal data - processing of personal data using computer technology.

2. The Administrator may process such personal data of the User:

1) Last name, first name, patronymic;

2) Phone number;

3) Email address;

4) The Service also collects and processes impersonal data about visitors (including cookies) using Internet statistics services (Google Analytics and others);

5) User Data entered by them or formed by the Service when using, providing, and receiving Services by Users, including but not limited to:

-information about the state of health of the User, including information containing medical secrecy;

-history of orders and services.

6) The above data are further in the text of the Policy are united by the general concept of Personal Data.

3. Purposes of personal data processing

1) The purpose of processing personal data of the User - the conclusion, execution, and termination of civil contracts; providing the User with access to the services, information and / or materials contained on the website https://medbrama.com; clarification of order details.

2) The Administrator also has the right to send the User notifications about new products and services, special offers, and various events. The User may always opt-out of receiving informational messages by sending an email to the Administrator at [email protected] marked "Opting out of notifications of new products and services and special offers".

3) Impersonal data of Users, collected through Internet statistics services, are used to collect information about the actions of users on the site, improve the quality of the site and its content.

4. Consent to the processing of PD and the rights of the User as a subject of personal data

4.1.User, by clicking the "Agree" button to consent to the processing of PD and agree to the terms of this Policy:

4.1.1. Voluntarily gives its consent to the Administrator for automated and non-automated processing, including collection, registration, systematization, accumulation, storage, adaptation, modification, renewal, use and distribution (including transfer and cross-border transfer and distribution ), depersonalization, blocking, its PD, in the amount and for the purposes provided by this Policy and the Agreement;

4.1.2. Does not require informing about the transfer (distribution) of his PD, voluntarily provided to the Administrator, third parties, or obtaining the User's consent to such transfer, if this transfer (distribution) is carried out in order to implement legal relations stipulated by the Agreement;

4.1.3. Confirms his / her consent to provide his / her PD upon a written request to the User (who has already provided the Service to this User). Such information may be provided to the applicant in the form of a letter sent by e-mail. The user confirms that he will take all necessary measures to prevent third parties from e-mail;

4.1.4. Agrees to send the Administrator by any means of communication text, multimedia, and voice messages (including SMS and MMS) with information about the Service, Services, news, and any other advertising, commercial messages, or marketing nature. The User may refuse such notifications and mailings by sending an email to the Administrator's e-mail address.

4.1.5. Confirms that he has been notified in writing by the Administrator about the collection of his PD at the time of their collection, their content, the owner of the PD, the purpose of the collection, and the persons to whom they are transferred, as well as their rights under Art. 8 of the Law of Ukraine "On Personal Data Protection", according to which the subject of PD has the right to:

4.1.5.1. Know about the sources of collection, location of their PD, the purpose of processing, location or place of residence (stay) of the owner or administrator of the PD or give a corresponding order to obtain this information to authorized persons, except as provided by law;

4.1.5.2. Receive information on the conditions for granting access to the PD, in particular, information on third parties to whom its PD is transferred;

4.1.5.3. To access their PD;

4.1.5.4. Receive no later than thirty calendar days from the date of receipt of the request, except as provided by law, an answer as to whether its PD is processed, as well as receive the content of such PD;

4.1.5.5. Make a reasoned request to the owner of the PD with an objection to the processing of their PD;

4.1.5.6. Make a reasoned request to change or destroy their PD by any owner and administrator of the PD, if this data is processed illegally or is inaccurate;

4.1.5.7. To protect their PD from illegal processing and accidental loss, destruction, damage due to intentional concealment, failure to provide or untimely provision, as well as to protect against the provision of information that is inaccurate or discredits honor, dignity, and business reputation of an individual;

4.1.5.8. Apply legal remedies in case of violation of the legislation on the protection of PD;

4.1.5.9. Make reservations regarding the restriction of the right to process their PD during the granting of consent;

4.1.5.10. Withdraw consent for PD processing;

4.1.5.11. Know the mechanism of automatic processing of PD;

4.1.5.12. To protect against an automated decision that has legal consequences for him.

4.2. The User also has the right to request from the Administrator to remove his PD from the Service. At the same time, the Administrator removes from the PD Service the Patients whom he requests to delete, except for those that must be kept by the Administrator in accordance with the requirements of the legislation of Ukraine. In case of such deletion of data, the Administrator may delete the User's account and terminate the User's access to the Service and terminate his ability to receive the Services through the Service.

4.3. The User's consent to the processing of PD is valid for an indefinite period and may be revoked at any time. Requests for withdrawal of consent to the processing of their PDs and other applications and requests for the exercise of the User's rights as personal data subjects should be sent by the User to the e-mail address of the Administrator.

4.4. The User agrees that in case the trustee enters data into the Service for the provision of Services in special computer and / or information programs (systems) installed on any, including portable media, the User has given prior consent to such person to use his PD, is familiar with the list of services and wishes to receive such services, and confirms that such a trustee acted on behalf of the Patient and in his interests. The patient confirms that he gives the right to such a trustee to consent to the processing of PD on his behalf. If during the preliminary registration by the Patient of the form for the provision of Services in the Service the e-mail address of a third party was specified, the Patient agrees to send notifications related to his order of Services to this e-mail address. The third-party is responsible for the correctness of the e-mail address and the confidentiality of the information after its receipt.

4.5. Withdrawal of the Patient's consent to the processing of PD leads to the deletion of the Patient's account and termination of his access to the Service and termination of the possibility for the Patient to receive Services through the Service.

5. Procedure for collection, storage, transfer, and other types of personal data processing

The security of personal data processed by the Administrator is ensured by implementing the legal, organizational, and technical measures necessary to fully comply with the requirements of current legislation in the field of personal data protection.

1) The administrator ensures the preservation of personal data and takes all possible measures to exclude access to the personal data of unauthorized persons.

2) Personal data of the User will never, under any circumstances, be transferred to third parties, except in cases related to the implementation of applicable law.

3) In case of inaccuracies in personal data, the User may update them independently by sending a notice to the appropriate Administrator to the e-mail address of the Operator [email protected]. marked "Update of personal data".

4) The term of personal data processing is unlimited. The User may at any time revoke his consent to the processing of personal data by sending an e-mail to the Administrator to the e-mail address of the Administrator [email protected] marked "Withdrawal of consent to the processing of personal data".

6. Cross-border transfer of personal data

1) Prior to the start of cross-border transfer of personal data, the administrator is obliged to make sure that the foreign state to the territory of which the transfer of personal data is intended to provide reliable protection of the rights of personal data subjects.

2) Cross-border transfer of personal data in foreign countries that do not meet the above requirements may be carried out only with the written consent of the personal data subject to cross-border transfer of personal data and/or performance of the contract to which the subject is subject. personal data object.

7. SSL or TLS encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as requests you send us as a site operator. You can recognize an encrypted connection in your browser's address bar when it changes from "http: //" to "https: //" and the lock icon appears in your browser's address bar.

If SSL or TLS encryption is enabled, the data you provide to us cannot be read by third parties.

8. Changes to the Policy

8.1. The Administrator reserves the right to revise and change the terms of this Policy unilaterally.

8.2. In case of making changes to the terms of the Policy, the Administrator notifies the Users of such changes and updates to the wording of the Policy when Users receive access to the Service. Further use of the Service will be deemed acceptance of such revised terms, and the User is responsible for compliance with such terms while using the Service. The User's access to the Service after notification of changes in the Policy is evidence that the User agrees to the changed conditions.

8.3. Changes to the Policy come into force from the moment of their publication on the Service.

IntracomUA OÜ